package com.wyw.learning.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * @Title   Security配置类
 * @Description
 *      当想要开启Spring方法级安全时，需要使用@EnableMethodSecurity注解
 *          此注解提供prePostEnabled、securedEnabled和jsr250Enabled三种机制
 *
 *          prePostEnabled = true 会解锁@PreAuthorize 和 @PostAuthorize 两个注解
 *          secured是用来定义业务方法的安全配置
 *          jsr250Enabled 启用JSR-250安全控制注解，一共五个注解，此处等于true就开启了三个@DenyAll(拒绝所有访问),@RolesAllowed({"USER","ADMIN"})(仅允许USER，ADMIN两种权限访问，这里可以省略前缀ROLE_，即权限可能是ROLE_ADMIN),@PermitAll（允许所有访问）
 * @Author Mr Wu yewen.wu.china@gmail.com
 * @Date 2023/9/15 13:57
 * Update History:
 * Author        Time            Content
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(jsr250Enabled = true, securedEnabled = true)// 基于方法的动态权限
public class ResourceServerConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http)
            throws Exception {
        http.authorizeHttpRequests(authorize -> authorize
                //所有的访问都需要通过身份认证
                .anyRequest().authenticated()
        )
                .oauth2ResourceServer(oauth2 -> oauth2
                        .jwt(Customizer.withDefaults())

                );
        return http.build();

    }
}
